
Towards a Reliable and Accountable Cyber Supply Chain in Energy Delivery System Using Blockchain

  • Conference paper
Security and Privacy in Communication Networks (SecureComm 2018)

Abstract

The cyber supply chain is emerging as the business model for today's IT infrastructure in enterprise-level energy delivery systems, which rely on different software or hardware vendors. Because heterogeneous services are provided and each system entity takes on various roles in maintaining the IT infrastructure, the attack surface expands dramatically, putting enterprise systems at high risk of data breaches or compromise. This paper first presents an overview of a typical cyber supply chain system, including its system entities and processes, and then illustrates two attack scenarios. Following an analysis of cyber supply chain security requirements and countermeasures, we integrate blockchain technology, which has a trustless and decentralized architecture, into the cyber supply chain to achieve reliability and accountability. A basic framework for a blockchain-assured energy delivery system is introduced as a case study to provide guidelines for future blockchain adoption in achieving provenance of cyber supply chain systems in any industry.



Acknowledgment

This material is based upon work supported by the Department of Energy under Award Number DE-OE0000780 and Office of the Assistant Secretary of Defense for Research and Engineering agreement FA8750-15-2-0120. The work was also supported by a grant from the National Key R&D Program of China (2016YFB0800500).

Disclaimer

This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor any agency thereof, nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or any agency thereof. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or any agency thereof.

Author information

Corresponding author

Correspondence to Yafei Ji.

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Liang, X., Shetty, S., Tosh, D., Ji, Y., Li, D. (2018). Towards a Reliable and Accountable Cyber Supply Chain in Energy Delivery System Using Blockchain. In: Beyah, R., Chang, B., Li, Y., Zhu, S. (eds) Security and Privacy in Communication Networks. SecureComm 2018. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 255. Springer, Cham. https://doi.org/10.1007/978-3-030-01704-0_3

  • DOI: https://doi.org/10.1007/978-3-030-01704-0_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01703-3

  • Online ISBN: 978-3-030-01704-0

  • eBook Packages: Computer Science (R0)
